CVE-2023-31446

CRITICAL EXPLOITED NUCLEI

Cassia Gateway firmware - Code Injection

Title source: llm

Description

In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.

Exploits (1)

nomisec WRITEUP 4 stars

by Dodge-MPTC · remote

https://github.com/Dodge-MPTC/CVE-2023-31446-Remote-Code-Execution

View Code ZIP pw:eip

Nuclei Templates (1)

Cassia Gateway Firmware - Remote Code Execution

CRITICALVERIFIEDby DhiyaneshDk

Shodan: html:"Cassia Bluetooth Gateway Management Platform" || http.html:"cassia bluetooth gateway management platform"

FOFA: body="cassia bluetooth gateway management platform"

References (3)

[Various Sources] https://blog.kscsc.online/cves/202331446/md.html

[Exploit, Third Party Advisory] https://github.com/Dodge-MPTC/CVE-2023-31446-Remote-Code-Execution

[Product] https://www.cassianetworks.com

Scores

CVSS v3 9.8

EPSS 0.9267

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-12-21

CWE

CWE-77

Status published

Products (2)

cassianetworks/xc1000_firmware 2.1.1.2303082218

cassianetworks/xc2000_firmware 2.1.1.2303090947

Published Jan 10, 2024

Tracked Since Feb 18, 2026